Monday, November 26, 2012

Autosnort updates and expanded OS support

Hello snort users,

It has been some amount of time since my initial announcement for autosnort. I've been (somewhat?) hard at work since then, improving the initial script, and also creating additional scripts for supporting other operating systems. In case you weren't around for the first announcement a few months ago, autosnort is a shell script that will take a supported operating system from base install and give you a fully updated, fully functional snort installation with minimal effort.

So without further ado, here are the announcements:

1. Improved automation - the script no longer downloads a static version of snort, but is able to poll snort.org for the latest stable version of snort and daq libraries and automatically download them (special thanks to Dogbert2 in the snort IRC for the idea on how to do this)
2. Expanded OS support - there are now autosnort builds for CentOS 32 and 64 bit as well as Backtrack 5 r3 -- Gnome and KDE -- 32 and 64 bit.
3. Improved documentation - in the general README as well as OS-specific readmes that detail what exactly the script does to your system -- in addition to the code comments to explain EXACTLY what is going on, if you want to try your hand at modifying the script to suit your specific needs.

In the works:

1. A build for Debian 32 and 64-bit
2. A build for Pentoo Linux
3. A choice of web front ends
4. Barebones install option (e.g. snort, daqlibs and output to syslog for SIEM integration)

Give it a try, let me know what you think. Contributions of code (or, well, anything, I suppose) will not be turned away.

Autosnort now has its own blog so I don't have to hijack Joel's/snort's/Sourcefire's blog for announcements. (psst: Thanks!). If you run into any problems or have any questions, my contact information is available in the script readme, but for good measure: